Leaders from the Centers for Medicare & Medicaid Services and the Internal Revenue Service said at an occasionally fractious Congressional hearing that the federal data hub will be mostly, if not fully, functioning by October, supporting information sharing for insurance and Medicaid applications.

Members of the House Committee on Oversight & Government Reform’s Energy Policy, Health Care and Entitlements subcommittee interrogated CMS administrator Marilyn Tavenner, CMS deputy CIO Henry Chao, interim IRS commissioner Danny Werfel and others on the issues of privacy, security, fraud, contracting and management with the federal data hub — as they're "trying to make the confusing system work," as chairman James Lankford, an Oklahoma Republican put it.

A chief concern from lawmakers of both parties was the security of the hub. "Are you ready to secure the information for over 20 million Americans?” asked Rep. Pat Meehan, a Republican from Pennsylvania.

“On October 1, the health insurance marketplace will be open for business,” CMS administrator Tavenner said. “They can trust their information is being protected through the highest privacy standards.”

Tavenner said she wanted to emphasize two points. While the insurance exchange application does ask for personal identifying information like Social Security numbers, “it never asks for personal health information” — a worry of some Republicans that was recently raised by Tennessee Republican Rep. Diane Black in a June U.S. News & World Reportop-ed.

Second, Tavenner said, the data hub was designed “in a way to minimize all security vulnerability and is focused on storing the minimum amount of information necessary.”

Indeed, as CMS deputy CIO Chao described it, the hub is more of a routing tool than a database. “It allows the system to link and query up to seven government data systems used today,” starting with the Social Security Administration, as one step in verifying citizenship, followed by the IRS, Department of Homeland Security and possibly other agencies, like the Peace Corp, to check for various federal benefits eligibility.

As Tavenner explained to Michigan Republican Rep. Tim Walberg, who raised concerns about the IRS’s decision to rely mostly on applicants income attestation for 2014, there will be several layers of verification and sub-processes when first-line determinations aren’t conclusive.

The advanced premium tax credits may be available if criteria like family size or citizenship status can’t be immediately confirmed, as they go through a reconciliation process that involves support workers, Tavenner said. But, as IRS officials also pointed out, when the agency verifies the income of all applicants based on their previous year’s tax return in 2015, overpayments from 2014 will be retroactively recouped in the form of new tax liabilities or, more likely for lower-income Americans, through the withholding of tax refunds.

CMS and IRS officials were also joined by John Dicken, healthcare director at the Government Accountability Office, who reviewed findings from a report this spring showing mixed progress in CMS meeting timelines for the data hub and federal HIX.

“Whether contingency planning will assure the timely and smooth implementation of the exchanges by October 2013 cannot yet be determined,” Dickens said.

CMS’s Henry Chao told the subcommittee that federal HIX and data hub work is mostly on track — not that it’s an easy pace.

Specific application software for qualified health plans and eligibility systems is ongoing, and “all of that code and databases are still being built throughout the summer,” Chao said. CMS started testing data exchange with qualified health plans in June, and in the next “70 or so days,” integration testing — “or what some like to call end-to-end testing” — will speed up between CMS and the other federal agencies.

The privacy and security worries of some lawmakers were coupled with their attempts to understand exactly how the data hub worked — and their concerns that the “largest consolidation of personal data in the history of the republic,” as Meehan put it, could go awry.

Tavenner and Chao both pointed to Medicare, a government program with equally enormous datasets of personal information. With nearly 50 million lives covered, Medicare’s enrollment has “very similar architecture and patterns to the marketplace,” Chao said. “At a superscale level, CMS has applied this experience.”

The government IT variable for data hub and HIX success may be the IRS, depending on its resources. Considered by some observers to be at least modestly understaffed and underfunded, the IRS still has some outstanding IT needs for Affordable Care Act implementation, Alan Duncan, assistant inspector general for tax administration at the Treasury Department, the IRS’s parent agency, told the committee.

The IRS’s fiscal year 2014 budget request asks for $440 million in appropriations for ACA work — $306 million of that for IT changes “needed to deliver needed to deliver income information, tax credits, and other ACA requirements.” A budget endorsed by House Republicans, meanwhile, would reduce the IRS’s budget by about 24 percent.

Duncan said it’s still possible there could be glitches in the IRS's data management of advance premium tax credits. The Treasury Inspector General for Tax Administration is currently in the midst of conducting an audit of the IRS’s application development and testing for the premium tax credit application and calculator and will finalize the report before the beginning of the October 2013 open enrollment period.